Can you believe it? There is a new framework to learn and use. It is called YII Framework. YII stands for Yes It Is (how quaint, I must say). YII is a PHP based MVC framework created specifically for highly active web applications, such as portals, forums, CMS, and e-commerce systems. It is designed to be light-weight, with a sophisticated caching mechanism.

The good news is it works on our shared hosting platform. According to YII’s documentation, the only requirement it needs is to have PHP version 5.1 or higher installed on the server; which we do have (PHP ver 5.3.13). Now, setting up a YII web application on our shared hosting environment does require some specialized steps you’ll need to take.

First you’ll need to download the YII Framework folder. Inside this folder are the YII files and extensions. You can download it here.

The second step you’ll need to incorporate is to modify the path your application will be looking for the YII framework. By default it’s set to look outside the root. A lot of the documentation was for an Apache web server therefore they had one standardized YII Framework folder that everyone accessed. That will be impossible on our shared hosting environment since each application only has permission within its’ own root. You will upload the YII Framework folder on your root and modify your application to search the framework from within.

As an example set the code from:

$yii=dirname(__FILE__).'/../framework/yii.php';

to:

$yii=dirname(__FILE__).'./framework/yii.php';

Next, you may need to modify the default time zone setting. By default it is set to UTC, which may not be the same as the server. The application will throw this error if left unchanged.

PHP Warning: phpinfo(): It is not safe to rely on the system’s timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function.

In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone ‘UTC’ for now, but please set date.timezone to select your timezone. in E:\ \YII_Framework\testdrive\test.php on line 3

To fix this problem, you’ll need to create a user.ini file. The file name should be user.ini and place it in your root folder. The default time zone should be delegated to the user level. Add this code in your user.ini file:

[DATE]
date.timezone = “GMT”

Save the user.ini file and that should solve it.

Note: I tested this several times and it may not throw this specific time zone error, but regardless, setting up a user.ini file shouldn’t hurt your application. The user.ini file acts like the PHP.INI file which is the basic PHP configuration for all PHP applications. The user.ini file allows for PHP.INI control at the account level. This is very useful in a Windows platform where we can only have one PHP.INI for the entire server. Keep in mind that some PHP elements/settings cannot be delegated to the account level due to security reasons.

One last step you will want to take before you are done is to protect your YII framework files/extensions from being downloaded. Because the framework itself uses PHP files, it can potentially be downloaded by a browser, modify certain configuration settings on the framework and potentially get re-uploaded back to the server. That can open security holes or exploits to your YII Framework application.

What you will want to do is setup the Framework folder with the same security restrictions as an ASP.Net Bin folder, where your application can access it, but no browser can directly navigate to it and download the files. You will use the RequestFiltering Module to protect the folder Framework. Create a web.config file if you don’t already have one, and place it on the root. Add this XML element within the system.webServer section of the web.config file.

Related

2 Responses

Shared server is not the right choice for hosting Yii based app. Infrastructure providers, like DO, are a much better option. You get dedicated server at reasonable cost. However, setting up a dedicated server is not easy and quick. For that, you can use platform, like Cloudways Yii hosting, for automatically setting up the server with OS and stack. You will only have to install Yii using composer command and deploy your app from git or sftp.

The platform you choose depends on how much work you want to do in server maintenance. Each platform will have it’s pros and cons. But if you are willing and knowledgeable enough to do all the work in maintaining the server in addition to your app, then using an unmanaged VPS/dedicated server is going to be the most flexible and empowering choice. However, for many users, worrying about server O/S updates and security is not something that they want to take on, in which case a fully managed backend system would be a preferable solution, even if you lose some of the flexibility.